Part02 access control authentication

Document Transcript

Access Control, Authentication
IT Faculty – Dalat University, February 2012
Phan Thi Thanh Nga - IT Faculty

Access Control
  • The mechanism by which users are granted or denied the ability to interact with and use resources.
  • Access control is often referred to by the term authorization.
  • With proper authorization (access control), a system controls access to its resources so as to prevent unauthorized access.

Access Control Methods
  • Discretionary Access Control (DAC): bases access decisions on the users' identity.
  • Mandatory Access Control (MAC): bases access decisions on mandated regulations defined by a central authority.
  • Role-Based Access Control (RBAC): bases access decisions on the roles that users play.
Discretionary Access Control
  • Based on the identity of the user requesting access and on a set of rules, called authorizations, stating which user can perform which action on which resource.

Basic elements (figure)

User - Principals
  • Users and principals: 1-to-n mapping (one user may have several principals).
  • The system authenticates a user in the context of a principal.
  • Shared principals (shared accounts) are bad for auditing and accountability, since actions can no longer be traced to one user.
Principal - Subjects
  • 1-to-n mapping between a principal and its subjects.
  • A subject is a program or application run on behalf of a principal.

Objects
  • An object is anything on which a subject can perform allowed operations (i.e. operations for which rights have been granted).
  • Usually objects are passive: files, directories, processes, tables, ...

Rights
  • A right specifies what kind of access a subject can perform on an object: Own, Read, Write, Execute, Create, Delete, ...
Discretionary Access Control
  • In the most basic form, an authorization is a triple (s, o, a), stating that subject s can execute action a on object o.
  • The first discretionary access control model proposed in the literature is the access matrix model.

Access Matrix Model
  • Let S, O, and A be the sets of subjects, objects, and actions, respectively.
  • The access matrix model represents the set of authorizations through a |S|×|O| matrix A.
  • Each entry A[s, o] contains the list of actions that subject s can execute on object o.
  • Example: user Ann can read and write Document1, i.e. A[Ann, Document1] = {read, write}.
Access Matrix Model
  • The access matrix model can be implemented through different mechanisms. The mechanisms typically adopted are:
  • Authorization table: the non-empty entries of A are stored in a table with three attributes: user, action, and object.

Authorization table (figure)

Access Matrix Model
  • Access control list (ACL): the access matrix is stored by column, that is, each object is associated with a list of subjects together with the set of actions each of them can perform on the object.  O → {(S, A)}
Access Control List (figure)

Capability
  • The access matrix is stored by row, that is, each subject is associated with a list indicating, for each object, the set of actions the subject can perform on it.  S → {(O, A)}

Capability List (figure)
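The three storage mechanisms above are views of one matrix, so a worked example that derives all of them from the same A and answers the same access question through each makes the trade-off concrete: ACLs make "who can access this object?" cheap, capability lists make "what can this subject access?" cheap, and a revocation has to reach both if both are kept. This is an added example, not code from the lecture; the matrix extends the slide's Ann/Document1 entry with constructed subjects Bob and Carl and a constructed Document2.

```python
"""Added example (not from the lecture slides): one access matrix A over
subjects S and objects O, and the three mechanisms derived from it:
authorization table (non-empty entries), ACL (stored by column, per object)
and capability lists (stored by row, per subject). Names are constructed."""
from collections import defaultdict

# Constructed sample matrix: ACCESS_MATRIX[s][o] is the set of actions s may
# perform on o. Ann can read and write Document1, as in the slide example.
ACCESS_MATRIX = {
    "Ann": {"Document1": {"read", "write"}, "Document2": {"read"}},
    "Bob": {"Document1": set(), "Document2": {"read", "write", "own"}},
    "Carl": {"Document1": {"execute"}, "Document2": set()},
}


def authorization_table(matrix):
    """Non-empty entries of A as (user, action, object) triples, sorted."""
    return sorted(
        (s, a, o)
        for s, row in matrix.items()
        for o, actions in row.items()
        for a in actions
    )


def access_control_lists(matrix):
    """Matrix stored by column: object -> {subject: actions}; empty entries dropped."""
    acl = defaultdict(dict)
    for s, row in matrix.items():
        for o, actions in row.items():
            if actions:
                acl[o][s] = set(actions)
    return dict(acl)


def capability_lists(matrix):
    """Matrix stored by row: subject -> {object: actions}; empty entries dropped."""
    return {s: {o: set(a) for o, a in row.items() if a} for s, row in matrix.items()}


def check_acl(acl, subject, action, obj):
    """Reference-monitor decision answered from the object's ACL (default deny)."""
    return action in acl.get(obj, {}).get(subject, set())


def check_capability(caps, subject, action, obj):
    """The same decision answered from the subject's capability list (default deny)."""
    return action in caps.get(subject, {}).get(obj, set())


def review_object(acl, obj):
    """'Who can access this object?' is a single lookup with ACLs."""
    return sorted(acl.get(obj, {}))


def review_subject(caps, subject):
    """'What can this subject access?' is a single lookup with capabilities."""
    return sorted(caps.get(subject, {}))


def revoke(acl, caps, subject, action, obj):
    """Revocation must update every representation that is kept, or the two
    views of the matrix start giving different answers."""
    acl.get(obj, {}).get(subject, set()).discard(action)
    caps.get(subject, {}).get(obj, set()).discard(action)


if __name__ == "__main__":
    acl = access_control_lists(ACCESS_MATRIX)
    caps = capability_lists(ACCESS_MATRIX)
    for s, a, o in authorization_table(ACCESS_MATRIX):
        # every stored triple is granted by both views
        assert check_acl(acl, s, a, o) and check_capability(caps, s, a, o)
    print("subjects with some access to Document1:", review_object(acl, "Document1"))
    print("objects Ann may access:", review_subject(caps, "Ann"))
```

The per-object and per-subject review functions are where the two representations differ in practice: with only ACLs, listing everything one departing user could touch means scanning every object; with only capabilities, finding everyone who can read a leaked file means scanning every subject.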
Disadvantages
  • List some disadvantages of the access matrix?
  • A plain (s, o, a) triple cannot express conditions on an authorization, such as:
    • data-dependent (sal < 1000)
    • time-dependent (8:00am-5:00pm)
    • context-dependent (the "name-salary" pair is prohibited)
    • history-dependent, ...

DAC
  • DAC systems have evolved and they include support for the following features:
    • Conditions: conditions associated with authorizations
    • Abstractions: user groups and classes of objects
    • Exceptions: exceptions (negative authorizations) in the definition of authorizations

DAC vulnerabilities
  • Trojan horses: DAC does not distinguish between users and the subjects (programs) that run on their behalf. A Trojan horse executed by a user runs with all of that user's rights, so it can read data the user may read and write it into an object the attacker may read, without violating any authorization.
Mandatory Access Control
  • The most common form of mandatory policy is the multilevel security policy, based on the classification of subjects and objects in the system.
  • Each subject and object in the system is associated with an access class, made of a security level and a set of categories.

Mandatory Access Control
  • Given two access classes c1 and c2, c1 dominates c2, denoted c1 ≥ c2, iff
    • the security level of c1 is greater than or equal to the security level of c2, and
    • the set of categories of c1 includes the set of categories of c2.

Mandatory Access Control
  • Mandatory policies can be classified as secrecy-based and integrity-based, operating in a dual manner.
  • Secrecy-Based Mandatory Policy: the main goal is to protect data confidentiality, applying the following two principles:
    • No-Read-Up: a subject s can read an object o if and only if the access class of the subject dominates the access class of the object.
    • No-Write-Down: a subject s can write an object o if and only if the access class of the object dominates the access class of the subject.
Secrecy-Based Mandatory Policy (figure)

Mandatory Access Control
  • Integrity-Based Mandatory Policy: the main goal is to prevent subjects from indirectly modifying information they cannot write, applying the following two principles:
    • No-Read-Down: a subject s can read an object o if and only if the integrity class of the object dominates the integrity class of the subject.
    • No-Write-Up: a subject s can write an object o if and only if the integrity class of the subject dominates the integrity class of the object.

Integrity-Based Mandatory Policy (figure)
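The Trojan horse from the DAC vulnerabilities slide and the mandatory policies of the last three slides are best seen on the same scenario: a program Ann runs reads her secret file and writes it into a file Bob can read. Under DAC both operations are authorized, because the program is a subject acting as Ann. Under the secrecy-based policy the dominance relation (level plus categories) decides, and no-write-down stops the second step. This is an added example, not code from the lecture; the levels, categories, users and file names are constructed, and the integrity checks are included so the dual rules can be compared on the same classes.

```python
"""Added example (not from the lecture slides): a Trojan horse that DAC cannot
stop, and the same operations checked under the secrecy-based (no-read-up,
no-write-down) and integrity-based (no-read-down, no-write-up) mandatory
policies. Levels, categories, subjects and objects are constructed."""
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


@dataclass(frozen=True)
class AccessClass:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """c1 >= c2 iff level(c1) >= level(c2) and categories(c1) is a superset
        of categories(c2). Classes with disjoint categories are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def secrecy_can_read(subject_cls, object_cls):
    return subject_cls.dominates(object_cls)      # no-read-up


def secrecy_can_write(subject_cls, object_cls):
    return object_cls.dominates(subject_cls)      # no-write-down


def integrity_can_read(subject_cls, object_cls):
    return object_cls.dominates(subject_cls)      # no-read-down


def integrity_can_write(subject_cls, object_cls):
    return subject_cls.dominates(object_cls)      # no-write-up


# DAC view: per-object ACLs; a subject carries the rights of the user it runs as.
DAC_ACL = {
    "ann_secret.txt": {"Ann": {"read", "write"}},
    "shared.txt": {"Ann": {"read", "write"}, "Bob": {"read", "write"}},
}

# MAC view: secrecy classes for the same users and objects (constructed).
SECRET_NUC = AccessClass("Secret", frozenset({"Nuclear"}))
UNCLASSIFIED = AccessClass("Unclassified")
SECRECY_CLASS = {"Ann": SECRET_NUC, "Bob": UNCLASSIFIED,
                 "ann_secret.txt": SECRET_NUC, "shared.txt": UNCLASSIFIED}


def dac_check(user, action, obj):
    """DAC only sees the user identity the subject runs under (default deny)."""
    return action in DAC_ACL.get(obj, {}).get(user, set())


def run_trojan(user, can_read, can_write):
    """The Trojan horse: read the user's secret, then write it into the shared
    file. Returns True when the policy passed in permits both steps."""
    steps = [("read", "ann_secret.txt"), ("write", "shared.txt")]
    return all((can_read if action == "read" else can_write)(user, obj)
               for action, obj in steps)


def dac_trojan_succeeds():
    return run_trojan("Ann",
                      lambda u, o: dac_check(u, "read", o),
                      lambda u, o: dac_check(u, "write", o))


def mac_trojan_succeeds():
    cls = SECRECY_CLASS.__getitem__
    return run_trojan("Ann",
                      lambda u, o: secrecy_can_read(cls(u), cls(o)),
                      lambda u, o: secrecy_can_write(cls(u), cls(o)))


if __name__ == "__main__":
    print("DAC lets the Trojan copy ann_secret.txt where Bob can read it:",
          dac_trojan_succeeds())
    print("Secrecy-based MAC (no-write-down) blocks the copy:",
          not mac_trojan_succeeds())
```

The write-up allowed by no-write-down is worth noting: Ann's subject may write into a TopSecret object it cannot read back, which is why the dual integrity rules exist and why real systems usually constrain writes to the subject's own class.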
Role-Based Access Control
  • A role is defined as a set of privileges that any user playing that role is associated with.
  • The access control policy is then defined through two different steps:
    • the administrator defines roles and the privileges related to each of them;
    • each user is assigned the set of roles she can play.

Role-Based Access Control
  • A user may be allowed to simultaneously play more than one role, and several users may simultaneously play the same role.
  • The main advantage of RBAC, with respect to DAC and MAC, is that it better suits commercial environments: policy is changed by reassigning roles, not by editing every object's authorizations.

Authentication
  • The process of proving that a subject is the valid user of an account.
  • The authentication process requires that the subject provide an identity and then proof of that identity.
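The two administrative steps of the RBAC slides above, together with the rule that a user may hold several roles and a role may be held by several users, as an added example that is not code from the lecture. Roles, privileges, users and the idea of a session that activates only some of a user's roles are constructed for illustration.

```python
"""Added example (not from the lecture slides): the two RBAC steps
(roles -> privileges, users -> roles) plus login sessions in which a user
activates a subset of her roles. Roles, users and objects are constructed."""

# Step 1: the administrator defines roles and the privileges (action, object) of each.
ROLE_PRIVILEGES = {
    "teller": {("read", "accounts"), ("deposit", "accounts")},
    "auditor": {("read", "accounts"), ("read", "ledger")},
    "manager": {("read", "accounts"), ("approve", "loans")},
}

# Step 2: each user is assigned the set of roles she can play.
USER_ROLES = {
    "ann": {"teller", "manager"},   # one user may play several roles
    "bob": {"teller"},              # several users may play the same role
    "carl": {"auditor"},
}


class Session:
    """A login session. The user activates some of the roles assigned to her;
    access decisions consult only the activated roles, so a teller task does
    not run with manager privileges just because ann also holds that role."""

    def __init__(self, user, activate=None):
        held = USER_ROLES.get(user, set())
        wanted = set(activate) if activate is not None else set(held)
        not_held = wanted - held
        if not_held:
            raise PermissionError(f"{user} is not assigned roles {sorted(not_held)}")
        self.user, self.active_roles = user, wanted

    def permitted(self, action, obj):
        """Granted iff some activated role carries the (action, object) privilege."""
        return any((action, obj) in ROLE_PRIVILEGES[r] for r in self.active_roles)


def assign_role(user, role):
    """Administrative change: a new hire or transfer is handled by editing the
    user-role assignment, never the privileges of individual objects."""
    if role not in ROLE_PRIVILEGES:
        raise KeyError(f"unknown role {role}")
    USER_ROLES.setdefault(user, set()).add(role)


if __name__ == "__main__":
    teller_only = Session("ann", activate={"teller"})
    print("ann acting as teller may approve loans:", teller_only.permitted("approve", "loans"))
    print("ann with all her roles may approve loans:", Session("ann").permitted("approve", "loans"))
```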
    • 2/21/2012 AuthenticationIdentity proofing typically takes the form of one or more of the following three authentication factors:  Something you know (such as a password)  Something you have (such as a smartcard)  Something you are (such as a fingerprint) 31 Phan Thi Thanh Nga - IT Faculty Authentication Some protection mechanisms used to secure the authentication credentials (identity claim and identity proofs) while they’re in transit from the client to the authentication server.  Kerberos  CHAP  Certificates. 32 Phan Thi Thanh Nga - IT Faculty KerberosA trusted thirdparty authentication protocolKerberos is used to authenticate network principles (subjects) to other entities on the network (objects, resources, and servers) 33 Phan Thi Thanh Nga - IT Faculty 11
    • 2/21/2012 KerberosThe core element of a Kerberos solution is the Key Distribution Center (KDC)KDC is responsible for verifying the identity of principles and granting and controlling access within a network environment through the use of secure cryptographic keys and tickets 34 Phan Thi Thanh Nga - IT Faculty KerberosKerberos is a trusted third-party authentication solution because the KDC acts as a third party in the communications between a client and a serverKerberos is also a single sign-on solution 35 Phan Thi Thanh Nga - IT Faculty KerberosThe basic process of Kerberos authentication is as follows: 36 Phan Thi Thanh Nga - IT Faculty 12
Kerberos
  1. The subject provides logon credentials (principal name and password) to the client.
  2. The client derives a secret key from the password and sends the KDC a request that proves knowledge of that key (for example a timestamp encrypted under it). The password itself is never transmitted. The 2004 source describes this step as the client encrypting the password with Data Encryption Standard (DES); DES is deprecated for Kerberos (RFC 6649) and current implementations use AES.
  3. The KDC verifies the request and then creates a Ticket Granting Ticket (TGT) containing the principal's identity, a session key and a timestamp that indicates a valid lifetime. The TGT is encrypted under a key known only to the KDC and is sent to the client together with the session key, which is encrypted under the client's password-derived key.

Kerberos
  4. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm.
  5. The subject requests access to resources on a network server. This causes the client to request a Service Ticket (ST) from the KDC, presenting its TGT.
  6. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a timestamp that indicates its valid lifetime.

Kerberos
  7. The client receives the ST.
  8. The client sends the ST to the network server that hosts the desired resource, together with a fresh authenticator (a timestamp encrypted under the session key) to show that the ST was not simply copied.
  9. The network server verifies the ST and the authenticator. If they verify, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.
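The nine steps above, with both sides of every message built and checked, as an added example that is not code from the lecture and not a real Kerberos implementation. It is deliberately simplified: one realm, no nonces, addresses or flags in the tickets, and the encryption is a toy encrypt-then-MAC construction on HMAC-SHA256 so the example runs on the Python standard library (real Kerberos uses AES, RFC 3962). The principal names, passwords, service name and the clock value are constructed. What the example makes visible is the points the slides state in prose: the password never leaves the client, the TGT is opaque to the client because it is sealed under the KDC's own key, the lifetimes and clock skew are enforced, and a captured ticket plus authenticator is rejected when replayed.

```python
"""Added example (not from the lecture slides, not a real Kerberos): the
AS, TGS and AP exchanges of the nine-step description, both sides of each.
Sealing is a toy HMAC-SHA256 construction, used only so this runs on the
standard library; real Kerberos uses AES. All names and the clock are constructed."""
import hashlib, hmac, json, os, secrets

REALM, SKEW, LIFETIME = "EXAMPLE.COM", 300, 600     # skew and lifetime in seconds


def kdf(password, principal):
    """Password -> long-term key (PBKDF2). The password itself never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), f"{principal}@{REALM}".encode(), 10_000)


def _stream(key, nonce, n):
    """Toy keystream: counter-mode HMAC outputs, at least n bytes long."""
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(n // 32 + 1))


def seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object: nonce || tag || ciphertext. Not for production."""
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, "sha256").digest() + ct


def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or a tampered message."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def _check_auth(ticket, authenticator, now):
    """Shared by TGS and service: the ticket must be unexpired, and the authenticator
    must open with the ticket's session key, name the same client and be fresh."""
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(ticket["session_key"]), authenticator)
    if a["client"] != ticket["client"] or abs(a["timestamp"] - now) > SKEW:
        raise ValueError("bad authenticator")
    return a


class KDC:
    def __init__(self, passwords):
        self.keys = {p: kdf(pw, p) for p, pw in passwords.items()}   # principal database

    def as_exchange(self, client, preauth, now):
        """Steps 2-3: the client proves knowledge of its key by sealing a timestamp; the
        KDC returns a TGT sealed under krbtgt's key plus the session key sealed under
        the client's key, so only the real password holder can use the reply."""
        if abs(unseal(self.keys[client], preauth)["timestamp"] - now) > SKEW:
            raise ValueError("pre-authentication timestamp outside clock skew")
        sk = secrets.token_hex(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "session_key": sk, "expires": now + LIFETIME})
        return tgt, seal(self.keys[client], {"session_key": sk})

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Steps 5-6: validate the TGT and authenticator, issue a Service Ticket (ST)."""
        t = unseal(self.keys["krbtgt"], tgt)
        _check_auth(t, authenticator, now)
        ssk = secrets.token_hex(32)
        st = seal(self.keys[service], {"client": t["client"], "session_key": ssk, "expires": now + LIFETIME})
        return st, seal(bytes.fromhex(t["session_key"]), {"service": service, "session_key": ssk})


class Service:
    def __init__(self, name, kdc):
        self.name, self.key, self.seen = name, kdc.keys[name], set()   # key shared with KDC; replay cache

    def accept(self, st, authenticator, now):
        """Steps 8-9: verify the ST and authenticator; reject a replayed authenticator."""
        t = unseal(self.key, st)
        a = _check_auth(t, authenticator, now)
        if (a["client"], a["timestamp"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["timestamp"]))
        return t["client"]                       # Kerberos is done; the application session starts


def client_login(kdc, service, user, password, now):
    """Steps 1-9 from the client side. Returns the principal the service accepted and
    the (ST, authenticator) pair it sent, so a replay of them can be attempted."""
    ck = kdf(password, user)                                                   # step 1
    tgt, reply = kdc.as_exchange(user, seal(ck, {"timestamp": now}), now)     # steps 2-3
    sk = bytes.fromhex(unseal(ck, reply)["session_key"])                       # step 4
    st, reply2 = kdc.tgs_exchange(tgt, seal(sk, {"client": user, "timestamp": now}), service.name, now)  # 5-7
    ssk = bytes.fromhex(unseal(sk, reply2)["session_key"])
    auth = seal(ssk, {"client": user, "timestamp": now})
    return service.accept(st, auth, now), (st, auth)                           # steps 8-9


NOW = 1_700_000_000   # constructed clock shared by all parties


def demo():
    """Returns (authenticated principal, whether a replayed ST+authenticator was accepted)."""
    kdc = KDC({"alice": "correct horse", "krbtgt": secrets.token_hex(16), "fileserver": secrets.token_hex(16)})
    fs = Service("fileserver", kdc)
    who, (st, auth) = client_login(kdc, fs, "alice", "correct horse", NOW)
    try:
        fs.accept(st, auth, NOW + 1)         # attacker replays the captured messages
        replayed = True
    except ValueError:
        replayed = False
    return who, replayed


if __name__ == "__main__":
    print(demo())
```

Two caveats that the simplified code makes easy to see: the replay cache is keyed on the authenticator timestamp, so clocks must be synchronized within SKEW for legitimate requests to pass, and a server that keeps no cache (or keeps it only in memory on one node of a cluster) still accepts a replay within the skew window. Expired tickets are rejected by lifetime, not by the cache.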
    • 2/21/2012 KerberosThe Kerberos authentication method helps to ensure that logon credentials aren’t compromised while in transit from the client to the server.The inclusion of a timestamp in the tickets ensures that expired tickets can’t be reused. This prevents replay and spoofing attacks against Kerberos. 40 Phan Thi Thanh Nga - IT Faculty KerberosKerberos is used to provide security and protection for authentication credentials alone.It isn’t used in any way to provide encryption or security for other types of data transfer. 41 Phan Thi Thanh Nga - IT Faculty ReferencesJames Michael Stewart, Security+ Fass Pass, Chapter 1, Sybex, 2004Micheal Gertz, Sushil Jajodia. Handbook of Database Security -Application and Trend. Recent Advances in Access Control, pages 1-9. Springer, 2007 42 Phan Thi Thanh Nga - IT Faculty 14